<h1>Submit your image here</h1>
<?php
/*
    This script is vulnerable to "file upload" vulnerability.
    Malicious user could send in for example a php file and
    execute it.
*/
if (isset($_POST['submit_file'])) {
    $target_path = "uploads/";
    $target_path = $target_path . basename( $_FILES['image']['name']);
    if(move_uploaded_file($_FILES['image']['tmp_name'], $target_path)) {
        echo "The file ".  basename( $_FILES['image']['name']).
        " has been uploaded";
    } else{
        echo "There was an error uploading the file, please try again!";
    }
}
?>
<form enctype="multipart/form-data" method="POST">
<input type="hidden" name="MAX_FILE_SIZE" value="100000" />
Choose an image file to upload: <input name="image" type="file" /><br />
<input type="submit" value="Upload Image" name="submit_file" />
</form>
